Vulnerabilities > CVE-2020-1791 - Incorrect Authorization vulnerability in Huawei Mate 20 Firmware

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

huawei

CWE-863

NVD

Published: 2020-02-18

Updated: 2021-07-21

Summary

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system has a logic judging error under certain scenario, successful exploit could allow the attacker to switch to third desktop after a series of operation in ADB mode.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Mate 20 Firmware - Huawei Mate 20 Firmware 9.0.0.205\(C00E205R2P1\) Huawei Mate 20 Firmware 9.1.0.131\(C00E131R3P1\) Huawei Mate 20 Firmware 9.1.0.139\(C00E133R3P1\) Huawei Mate 20 Firmware 10.0.0.175\(C00E70R3P8\)	5
Hardware	Huawei Huawei Mate 20 -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-smartphone-en